CVE-2016-6602

Name of the Vulnerable Software and Affected Versions ZOHO WebNMS Framework versions 5.2 and 5.2 SP1

Description The issue allows context-dependent attackers to obtain cleartext passwords by leveraging access to the "WEB-INF/conf/securitydbData.xml" file, due to the use of a weak obfuscation algorithm to store passwords.

Recommendations For ZOHO WebNMS Framework versions 5.2 and 5.2 SP1, consider restricting access to the "WEB-INF/conf/securitydbData.xml" file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.